Ring signatures enable a user to anonymously sign a message on behalf of group of users. In this study, the authors propose the first ring signature scheme whose size is O(log2N), where N is the number of users in the ring. They achieve this result by improving Chandran et al.’s ring signature scheme presented at the International Colloquium on Automata, Languages and Programming 2007. Their scheme uses a common reference string and non-interactive zero-knowledge proofs. The security of their scheme is proven without requiring random oracles.

The most widely accepted models in the security proofs of authenticated key exchange protocols are the Canetti–Krawczyk (CK) and extended CK models that admit different adversarial queries with ambiguities and incomparable strength. It is desirable to incorporate specific and powerful adversarial queries into a single unified security model and establish a more practical oriented security notion. Concerning the security of one-round implicitly authenticated Diffie–Hellman (DH) key exchange protocols, the authors present a unified security model that has many advantages over the previous ones. In the model, a system environment is set up, all of adversarial queries are practically interpreted and definitely characterised through physical environment, and some rigorous rules of secret leakage are also specified. To demonstrate usability of their model, a new protocol based on the OAKE protocol is proposed, which satisfies the presented strong security notion and attains high efficiency. The protocol is proven secure in random oracle model under gap DH assumption.

Code obfuscation is intended to thwart reverse engineering by making programmes hard to understand. Call chains collected by stack tracing can be used to understand the behaviour of programmes. To hinder reverse analysis of stack tracing, a binary code obfuscation method based on random obfuscated table and hash coding is proposed. Random obfuscated table is used to map call addresses while call and ret instructions are executing. Hash coding and random value can be used to encode and decode the data of stack frames in the run-time programmes. Experiment and analysis show that the obfuscation can effectively impede stack trace analysis and increase the cost of reverse analysis for programmes.

Tag cloning attack is a serious threat to the radio-frequency identification (RFID) applications. Cloned tags detection is an effective security mechanism to prevent the attacks. To improve the accuracy and efficiency of detection for cloned tags, this study presents a deterministic cloned tags detection (DCTD) protocol for anonymous RFID systems to detect cloned tags, using a tree-based anti-collision algorithm to find irreconcilable collisions. This protocol, which uses the pseudonym of tags in the detecting process, can quickly detect all the cloned tags with a deterministic time without revealing the sensitive information. Experiments show that DCTD protocol, with less detection time and higher accuracy, outperforms the known detection protocols.

The authors describe two different algorithms to perform efficiently the ring signature keys generation. Given an integer size, l, their algorithms find efficiently (memory and time, respectively) two distinct l/2-bit primes (e1, e2) such that e = 2e1e2 + 1 will be a prime integer. With a naïve algorithm one only needs to store O(l) bits (more specifically, only one l/2-integer), and need, in average, O(l4) basic l-bit operations. With the second algorithm, one not only improves this computational complexity O(l7/2), but also needs to use, in average, O(l3/2) bits. The authors consider these algorithms useful for implementing ring signatures in mobile devices where there exist strong time and space constraints.

In this study, the authors consider the detection and identification problems of distributed domain name system (DNS) cache poisoning attack. In the considered distributed attack, multiple cache servers are invaded simultaneously and the attack intensity for each cache server is slight. It is difficult to detect and identify the distributed attack by the existing local information-based detection methods, as the abnormal features for each cache server are indistinctive under distributed attack. To handle this problem, they propose an information fusion-based detection and identification methods. They find that the entropies of the query Internet protocol (IP) addresses for all cache servers are approximately stationary and statistically independent under normal cases. When distributed attack happens, they show the fact that the correlation of the entropies among all cache servers could increase dramatically. On the basis of this feature, they make use of principal component analysis to design the detection and identification methods. Specifically, attack is true when the maximum eigenvalue of the normalised entropies matrix exceeds a threshold, and the attacked servers are identified by the main loading vector. At last, they take a large-scale DNS in China and a simulation as two examples to show the effectiveness of their methods.

Text-based completely automated public turing tests to tell computers and humans apart (CAPTCHAs) have been widely deployed across the Internet to defend against undesirable or malicious bot programmes. In this study, the authors provide a systematic analysis of text-based CAPTCHAs and innovatively improve their earlier attack on hollow CAPTCHAs to expand applicability to attack all the text CAPTCHAs. With this improved attack, they have successfully broken the CAPTCHA schemes adopted by 19 out of the top 20 web sites in Alexa including two versions of the famous ReCAPTCHA. With success rates ranging from 12 to 88.8% (note that the success rate for Yandex CAPTCHA is 0%), they demonstrate the effectiveness of their attack method. It is not only applicable to hollow CAPTCHAs, but also to non-hollow ones. As their attack casts serious doubt on the viability of current designs, they offer lessons and guidelines for designing better text-based CAPTCHAs.